cheat/cheatsheets/nmap

70 lines
1.7 KiB
Plaintext
Raw Normal View History

# Single target scan:
2013-08-14 07:41:17 +02:00
nmap [target]
# Scan from a list of targets:
2013-08-14 07:41:17 +02:00
nmap -iL [list.txt]
# iPv6:
2013-08-14 07:41:17 +02:00
nmap -6 [target]
# OS detection:
2014-04-18 11:22:50 +02:00
nmap -O --osscan_guess [target]
2013-08-14 07:41:17 +02:00
# Save output to text file:
2013-08-14 07:41:17 +02:00
nmap -oN [output.txt] [target]
# Save output to xml file:
2013-08-14 07:41:17 +02:00
nmap -oX [output.xml] [target]
# Scan a specific port:
2013-08-14 07:41:17 +02:00
nmap -source-port [port] [target]
# Do an aggressive scan:
2013-08-14 07:41:17 +02:00
nmap -A [target]
2014-04-18 11:22:50 +02:00
# Speedup your scan:
2014-07-29 18:01:04 +02:00
# -n => disable ReverseDNS
# --min-rate=X => min 300 packets / sec
nmap -T5 --min-parallelism=50 -n --min-rate=300 [target]
2014-04-18 11:22:50 +02:00
# Traceroute:
2013-08-14 07:41:17 +02:00
nmap -traceroute [target]
# Ping scan only: -sP
2014-07-29 18:01:04 +02:00
# Don't ping: -PN <- Use full if a host don't reply to a ping.
# TCP SYN ping: -PS
# TCP ACK ping: -PA
# UDP ping: -PU
# ARP ping: -PR
2013-10-09 00:16:31 +02:00
# Example: Ping scan all machines on a class C network
2014-04-02 11:14:18 +02:00
nmap -sP 192.168.0.0/24
2014-04-01 19:18:19 +02:00
2014-07-29 18:01:04 +02:00
# Force TCP scan: -sT
# Force UDP scan: -sU
2014-04-01 19:18:19 +02:00
# Use some script:
nmap --script default,safe
# Loads the script in the default category, the banner script, and all .nse files in the directory /home/user/customscripts.
nmap --script default,banner,/home/user/customscripts
# Loads all scripts whose name starts with http-, such as http-auth and http-open-proxy.
nmap --script 'http-*'
# Loads every script except for those in the intrusive category.
nmap --script "not intrusive"
# Loads those scripts that are in both the default and safe categories.
nmap --script "default and safe"
# Loads scripts in the default, safe, or intrusive categories, except for those whose names start with http-.
nmap --script "(default or safe or intrusive) and not http-*"
2014-07-29 18:01:04 +02:00
# Scan for the heartbleed
# -pT:443 => Scan only port 443 with TCP (T:)
nmap -T5 --min-parallelism=50 -n --script "ssl-heartbleed" -pT:443 127.0.0.1
# Show all informations (debug mode)
nmap -d ...